Download | Devuan.org | Git | Bugs | Packages

The officially official Devuan Forum!

You are not logged in.

Pages: 1

#1 2025-10-03 21:48:36

hellomello
Member
Registered: 2025-10-03
Posts: 3  

[SOLVED] How to report "gpg: BAD signature"

I downloaded the daedalus file devuan_daedalus_5.0.1_amd64_netinstall.iso  from two different servers (https servers) and got a Bad signature both times on the file, but I don't know how to put it into the bug reporting system since there is no package name.  I think the bug report system might just kick it out if I report it without a package name.  Is that correct?  If not what package should I use, or how do I report it?  Thanks.

Last edited by hellomello (2025-10-03 21:49:32)

Offline

#2 2025-10-03 23:38:15

fsmithred
Administrator
Registered: 2016-11-25
Posts: 2,728  

Re: [SOLVED] How to report "gpg: BAD signature"

See if this fixes it:

 gpg --keyserver keyserver.ubuntu.com --refresh-keys

Offline

#3 2025-10-03 23:40:23

ralph.ronnquist
Administrator
From: Battery Point, Tasmania, AUS
Registered: 2016-11-30
Posts: 1,490  

Re: [SOLVED] How to report "gpg: BAD signature"

Was that "bad signature" for SHA256SUMS.txt.gpg?

Perhaps you need to refresh your pgp store?

gpg --keyserver keyserver.ubuntu.com --refresh-keys rrq@rrq.au

The sha256sum should be 722af7905595d9a1417f48f783d43dd40fe7da7a2e1d7998a8ea47df2d26941b
otherwise the download had errors.

EDIT: yes, fsmithred beat me to it smile

EDIT 2: concerns with the installers can be reported to the virtual project "devuan-installer"

Offline

#4 2025-10-04 00:03:46

hellomello
Member
Registered: 2025-10-03
Posts: 3  

Re: [SOLVED] How to report "gpg: BAD signature"

Thank you for the advice.  I have now followed both steps. 

The key refresh for key 680B5A1F661ECDBC showed 'not changed'.
The sha256sum of the ISOs match the checksum (722af7905595d9a1417f48f783d43dd40fe7da7a2e1d7998a8ea47df2d26941b).

Since the file is definitely correct, the 'BAD signature' error (from key 680B5A1F661ECDBC belonging to Ralph Ronnquist) indicates a problem with the signature file itself.   

I am happy, because I have my ISO, so I can mark this solved unless you'd rather leave it open or if you want more info.

Offline

#5 2025-10-04 00:48:57

ralph.ronnquist
Administrator
From: Battery Point, Tasmania, AUS
Registered: 2016-11-30
Posts: 1,490  

Re: [SOLVED] How to report "gpg: BAD signature"

Perhaps you have it on a windows filesystem that have added ^M characters to the lines?

Offline

#6 2025-10-04 01:10:29

hellomello
Member
Registered: 2025-10-03
Posts: 3  

Re: [SOLVED] How to report "gpg: BAD signature"

Yes, WSL2.  That could be doing it.  Thank you for checking that.

Offline

Pages: 1

Board footer

Forum Software